Lucene search

[email protected]CVE-2020-14154

HistoryJun 15, 2020 - 5:15 p.m.

CVE-2020-14154

2020-06-1517:15:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

235

cve-2020-14154

mutt

security

gnutls

certificate

rejection

expired

intermediate

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

5.1 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

53.6%

JSON

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.

CPENameOperatorVersion
mutt:muttmuttlt1.14.3
canonical:ubuntu_linuxcanonical ubuntu linuxeq18.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq19.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq20.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq16.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04

CPE	Name	Operator	Version
mutt:mutt	mutt	lt	1.14.3
canonical:ubuntu_linux	canonical ubuntu linux	eq	18.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	19.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	20.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	16.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04